Critical

Ensure there is no unrestricted inbound access to TCP port 27019 (MongoDB)

Security & Compliance
Description

TCP port 27019 is commonly used by MongoDB as a default configuration port for replica set members to communicate with each other. If this port is left open and unrestricted, it can pose a significant security risk, allowing attackers to gain unauthorized access to your MongoDB instances, potentially resulting in data breaches or system downtime. Therefore, it is essential to ensure that there is no unrestricted inbound access to TCP port 27019.

Remediation

To ensure that there is no unrestricted inbound access to TCP port 27019 (MongoDB), you can take the following remediation steps:

  1. Configure a firewall: Use a firewall to restrict access to TCP port 27019 to only the necessary IP addresses or networks. You can configure the firewall to allow access only from trusted sources such as your internal network or authorized external hosts.
  2. Configure MongoDB security settings: MongoDB provides several security mechanisms that can be used to restrict access to the database. These include authentication, authorization, and encryption. You can configure these settings to ensure that only authorized users can access the database.
  3. Disable MongoDB's default settings: MongoDB's default settings allow unrestricted access to the database, which can be exploited by attackers. Ensure that you have disabled the default settings and configured the database to use secure settings.
  4. Regularly update and patch MongoDB: Keep your MongoDB installation up to date with the latest security patches and updates to prevent known vulnerabilities from being exploited.

By implementing these remediation steps, you can ensure that there is no unrestricted inbound access to TCP port 27019 and minimize the risk of unauthorized access to your MongoDB database.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.

Step into the Future of SecOps